driver.whitelist: "docker,raw_exec,exec"
fingerprint.network.disallow_link_local: true
nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v2_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v2_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v2_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
docker.privileged.enabled: true
driver.whitelist: "docker,raw_exec,exec"
nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
fingerprint.network.disallow_link_local: true
nomad_retry_servers: [ "10.30.51.32", "10.30.51.33" ]
nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v2_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v2_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v2_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "both"
+consul_retry_servers:
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
driver.whitelist: "docker,raw_exec,exec"
nomad_retry_servers: [ "10.30.51.33", "10.30.51.30" ]
nomad_servers: [ "10.30.51.32:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v2_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v2_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v2_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "both"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
driver.whitelist: "docker,raw_exec,exec"
nomad_retry_servers: [ "10.30.51.32", "10.30.51.30" ]
nomad_servers: [ "10.30.51.33:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v2_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v2_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v2_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "both"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
driver.whitelist: "docker,raw_exec,exec"
nomad_retry_servers: [ "10.30.51.32", "10.30.51.33" ]
nomad_servers: [ "10.30.51.33:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v2_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v2_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v2_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
driver.whitelist: "docker,raw_exec,exec"
nomad_retry_servers: [ "10.30.51.32", "10.30.51.33" ]
nomad_servers: [ "10.30.51.33:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v2_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v2_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v2_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
driver.whitelist: "docker,raw_exec,exec"
nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
nomad_cpu_total_compute: "40000"
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
driver.whitelist: "docker,raw_exec,exec"
nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
nomad_cpu_total_compute: "40000"
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
inventory_ipmi_hostname: "10.30.50.47"
cpu_microarchitecture: "skylake"
+# User management.
+users:
+ - username: localadmin
+ groups: [adm, sudo]
+ password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1"
+ ssh_key:
+ - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com"
+ - username: testuser
+ groups: [adm, sudo]
+ password: "$6$zpBUdQ4q$P2zKclumvCndWujgP/qQ8eMk3YZk7ESAom04Fqp26hJH2jWkMXEX..jqxzMdDLJKiDaDHIaSkQMVjHzd3cRLs1"
+ ssh_key:
+ - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com"
+
# Nomad settings.
nomad_certificates:
- src: "{{ vault_nomad_v1_ca_file }}"
docker.volumes.enabled: true
driver.whitelist: "docker,raw_exec,exec"
nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
inventory_ipmi_hostname: "10.30.50.48"
cpu_microarchitecture: "skylake"
+# User management.
+users:
+ - username: localadmin
+ groups: [adm, sudo]
+ password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1"
+ ssh_key:
+ - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com"
+ - username: testuser
+ groups: [adm, sudo]
+ password: "$6$zpBUdQ4q$P2zKclumvCndWujgP/qQ8eMk3YZk7ESAom04Fqp26hJH2jWkMXEX..jqxzMdDLJKiDaDHIaSkQMVjHzd3cRLs1"
+ ssh_key:
+ - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com"
+
# Nomad settings.
nomad_certificates:
- src: "{{ vault_nomad_v1_ca_file }}"
docker.volumes.enabled: true
driver.whitelist: "docker,raw_exec,exec"
nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
driver.whitelist: "docker,raw_exec,exec"
nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
nomad_cpu_total_compute: "40000"
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
driver.whitelist: "docker,raw_exec,exec"
nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
nomad_cpu_total_compute: "40000"
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
driver.whitelist: "docker,raw_exec,exec"
nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
nomad_cpu_total_compute: "40000"
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
driver.whitelist: "docker,raw_exec,exec"
nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
nomad_cpu_total_compute: "40000"
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
driver.whitelist: "docker,raw_exec,exec"
nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
nomad_cpu_total_compute: "40000"
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
driver.whitelist: "docker,raw_exec,exec"
nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
nomad_cpu_total_compute: "40000"
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "client"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
+ - "10.30.51.16"
\ No newline at end of file
fingerprint.network.disallow_link_local: true
nomad_retry_servers: [ "10.30.51.30", "10.30.51.32", "10.30.51.33" ]
nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
+nomad_volumes:
+ - name: "prod-volume-data1-1"
+ path: "/data"
+ read_only: false
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v3_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v3_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v3_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "both"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.15"
+ - "10.30.51.16"
+consul_services:
+ - name: "storage1"
+ port: 9000
+ - name: "nginx1"
+ port: 443
\ No newline at end of file
fingerprint.network.disallow_link_local: true
nomad_retry_servers: [ "10.30.51.30", "10.30.51.32", "10.30.51.33" ]
nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647" ]
+nomad_volumes:
+ - name: "prod-volume-data2-1"
+ path: "/data"
+ read_only: false
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v3_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v3_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v3_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "both"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.16"
+consul_services:
+ - name: "storage2"
+ port: 9000
+ - name: "nginx2"
+ port: 443
\ No newline at end of file
fingerprint.network.disallow_link_local: true
nomad_retry_servers: [ "10.30.51.30", "10.30.51.32", "10.30.51.33" ]
nomad_servers: [ "10.30.51.32:4647", "10.30.51.33:4647", "10.30.51.30:4647" ]
+
+# Consul settigs.
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_nomad_v3_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_nomad_v3_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_nomad_v3_key_file }}"
+ dest: "{{ consul_key_file }}"
+consul_datacenter: "yul1"
+consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
+consul_node_name: "{{ hostname }}"
+consul_node_role: "both"
+consul_retry_servers:
+ - "10.30.51.30"
+ - "10.30.51.32"
+ - "10.30.51.33"
+ - "10.30.51.14"
+ - "10.30.51.15"
\ No newline at end of file
roles:
- role: user_add
tags: user_add
+ - role: baremetal
+ tags: baremetal
- role: docker
tags: docker
- role: nomad
tags: nomad
+ - role: consul
+ tags: consul
\ No newline at end of file
--- /dev/null
+---
+# file: roles/consul/defaults/main.yaml
+
+# Inst - Prerequisites.
+packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}"
+
+packages_base:
+ - "cgroup-bin"
+ - "curl"
+ - "git"
+ - "libcgroup1"
+ - "unzip"
+ - "htop"
+packages_by_distro:
+ ubuntu:
+ - []
+packages_by_arch:
+ aarch64:
+ - []
+ x86_64:
+ - []
+
+# Inst - Download Consul.
+consul_architecture_map:
+ amd64: "amd64"
+ x86_64: "amd64"
+ armv7l: "arm"
+ aarch64: "arm64"
+ 32-bit: "386"
+ 64-bit: "amd64"
+consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}"
+consul_version: "1.8.6"
+consul_pkg: "consul_{{ consul_version }}_linux_{{ consul_architecture }}.zip"
+consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/{{ consul_pkg }}"
+
+# Inst - System paths.
+consul_bin_dir: "/usr/local/bin"
+consul_config_dir: "/etc/consul.d"
+consul_data_dir: "/var/consul"
+consul_inst_dir: "/opt"
+consul_lockfile: "/var/lock/subsys/consul"
+consul_run_dir: "/var/run/consul"
+consul_ssl_dir: "/etc/consul.d/ssl"
+nomad_config_dir: "/etc/nomad.d"
+
+# Conf - Service.
+consul_node_role: "both"
+consul_restart_handler_state: "restarted"
+nomad_restart_handler_state: "restarted"
+systemd_resolved_state: "stopped"
+
+# Conf - User and group.
+consul_group: "consul"
+consul_group_state: "present"
+consul_manage_group: true
+consul_manage_user: true
+consul_user: "consul"
+consul_user_groups: [ docker, nomad, consul, root ]
+consul_user_state: "present"
+
+# Conf - nomad.d/consul.hcl
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_consul_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_consul_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_consul_key_file }}"
+ dest: "{{ consul_key_file }}"
+
+consul_address: "127.0.0.1:8500"
+consul_auth: ""
+consul_auto_advertise: true
+consul_checks_use_advertise: false
+consul_server_service_name: "nomad"
+consul_client_service_name: "nomad-client"
+consul_server_auto_join: false
+consul_client_auto_join: false
+consul_ssl: true
+consul_verify_ssl: true
+consul_ACL_token_set: false
+consul_token: "consul_token_default"
+
+# Conf - base.hcl
+consul_bind_addr: "{{ ansible_default_ipv4.address }}"
+consul_client_addr: "0.0.0.0"
+consul_datacenter: "dc1"
+consul_disable_update_check: true
+consul_enable_debug: false
+consul_enable_syslog: true
+consul_log_level: "INFO"
+consul_node_name: "{{ inventory_hostname }}"
+consul_retry_join: true
+consul_bootstrap_expect: 2
+consul_encrypt: ""
+consul_ca_file: "{{ consul_ssl_dir }}/ca.pem"
+consul_cert_file: "{{ consul_ssl_dir }}/consul.pem"
+consul_key_file: "{{ consul_ssl_dir }}/consul-key.pem"
+consul_ui: true
+consul_recursors:
+ - 1.1.1.1
+ - 8.8.8.8
+
+# Conf - ports.hcl
+consul_port_dns: 53
+consul_port_http: 8500
+consul_port_https: 8501
+consul_port_grpc: 8502
+consul_port_serf_lan: 8301
+consul_port_serf_wan: 8302
+consul_port_server: 8300
+
+# Conf - services.json
+consul_services: false
\ No newline at end of file
--- /dev/null
+---
+# file roles/consul/handlers/main.yaml
+
+- name: Restart Nomad
+ systemd:
+ daemon_reload: true
+ enabled: true
+ name: "nomad"
+ state: "{{ nomad_restart_handler_state }}"
+
+- name: Restart Consul
+ systemd:
+ daemon_reload: true
+ enabled: true
+ name: "consul"
+ state: "{{ consul_restart_handler_state }}"
+
+- name: Stop Systemd-resolved
+ systemd:
+ daemon_reload: true
+ enabled: false
+ name: "systemd-resolved"
+ state: "{{ systemd_resolved_state }}"
\ No newline at end of file
--- /dev/null
+---
+# file: roles/consul/meta/main.yaml
+
+# desc: Install consul from stable branch and configure service.
+# inst: Consul
+# conf: ?
+# info: 1.0 - added role
+
+dependencies: [ ]
--- /dev/null
+---
+# file: roles/consul/tasks/main.yaml
+
+- name: Inst - Prerequisites
+ package:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: latest
+ update_cache: true
+ tags:
+ - consul-inst-prerequisites
+
+- name: Conf - Add Consul Group
+ group:
+ name: "{{ consul_group }}"
+ state: "{{ consul_group_state }}"
+ when:
+ - consul_manage_group | bool
+ tags:
+ - consul-conf-user
+
+- name: Conf - Add Consul user
+ user:
+ name: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ groups: "{{ consul_user_groups }}"
+ state: "{{ consul_user_state }}"
+ system: true
+ when:
+ - consul_manage_user | bool
+ tags:
+ - consul-conf-user
+
+- name: Inst - Clean Consul
+ file:
+ path: "{{ consul_inst_dir }}/consul"
+ state: "absent"
+ tags:
+ - consul-inst-package
+
+- name: Inst - Download Consul
+ get_url:
+ url: "{{ consul_zip_url }}"
+ dest: "{{ consul_inst_dir }}/{{ consul_pkg }}"
+ tags:
+ - consul-inst-package
+
+- name: Inst - Unarchive Consul
+ unarchive:
+ src: "{{ consul_inst_dir }}/{{ consul_pkg }}"
+ dest: "{{ consul_inst_dir }}/"
+ creates: "{{ consul_inst_dir }}/consul"
+ remote_src: true
+ tags:
+ - consul-inst-package
+
+- name: Inst - Consul
+ copy:
+ src: "{{ consul_inst_dir }}/consul"
+ dest: "{{ consul_bin_dir }}"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ force: true
+ mode: 0755
+ remote_src: true
+ tags:
+ - consul-inst-package
+
+- name: Conf - Create Directories "{{ consul_data_dir }}"
+ file:
+ dest: "{{ consul_data_dir }}"
+ state: directory
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ tags:
+ - consul-conf
+
+- name: Conf - Create Directories "{{ consul_ssl_dir }}"
+ file:
+ dest: "{{ consul_ssl_dir }}"
+ state: directory
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ tags:
+ - consul-conf
+
+- name: Conf - Create Config Directory
+ file:
+ dest: "{{ consul_config_dir }}"
+ state: directory
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0755
+ tags:
+ - consul-conf
+
+- name: Conf - Nomad integration Consul Configuration
+ template:
+ src: consul.hcl.j2
+ dest: "{{ nomad_config_dir }}/consul.hcl"
+ owner: "nomad"
+ group: "nomad"
+ mode: 0644
+ when:
+ - consul_nomad_integration | bool
+ tags:
+ - consul-conf
+
+- name: Conf - Base Configuration
+ template:
+ src: base.hcl.j2
+ dest: "{{ consul_config_dir }}/base.hcl"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0644
+ tags:
+ - consul-conf
+
+- name: Conf - Ports Configuration
+ template:
+ src: ports.hcl.j2
+ dest: "{{ consul_config_dir }}/ports.hcl"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0644
+ tags:
+ - consul-conf
+
+- name: Conf - Services Configuration
+ template:
+ src: services.json.j2
+ dest: "{{ consul_config_dir }}/services.json"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0644
+ when:
+ - consul_services
+ tags:
+ - consul-conf
+
+- name: Conf - Copy Certificates And Keys
+ copy:
+ content: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0600
+ no_log: true
+ loop: "{{ consul_certificates | flatten(levels=1) }}"
+ tags:
+ - consul-conf
+
+- name: Conf - System.d Script
+ template:
+ src: "consul_systemd.service.j2"
+ dest: "/lib/systemd/system/consul.service"
+ owner: "root"
+ group: "root"
+ mode: 0644
+ notify:
+ - "Restart Consul"
+ - "Stop Systemd-resolved"
+# - "Restart Nomad"
+ tags:
+ - consul-conf
--- /dev/null
+node_name = "{{ consul_node_name }}"
+datacenter = "{{ consul_datacenter }}"
+
+bind_addr = "{{ consul_bind_addr }}"
+client_addr = "{{ consul_client_addr }}"
+data_dir = "{{ consul_data_dir }}"
+
+enable_syslog = {{ consul_enable_syslog | bool | lower }}
+enable_debug = {{ consul_enable_debug | bool | lower }}
+disable_update_check = {{ consul_disable_update_check | bool | lower }}
+log_level = "{{ consul_log_level }}"
+
+server = {{ consul_node_server | bool | lower }}
+encrypt = "{{ consul_encrypt }}"
+{% if consul_node_server | bool == True %}
+bootstrap_expect = {{ consul_bootstrap_expect }}
+{% endif %}
+{% if consul_retry_join | bool -%}
+retry_join = [ {% for ip_port in consul_retry_servers -%} "{{ ip_port }}"{% if not loop.last %}, {% endif %}{%- endfor -%} ]
+{%- endif %}
+
+ui = {{ consul_ui | bool | lower }}
+
+ca_file = "{{ consul_ca_file }}"
+cert_file = "{{ consul_cert_file }}"
+key_file = "{{ consul_key_file }}"
+
+{% if consul_recursors -%}
+recursors = [ {% for server in consul_recursors -%} "{{ server }}"{% if not loop.last %}, {% endif %}{%- endfor -%} ]
+{%- endif %}
\ No newline at end of file
--- /dev/null
+consul {
+ address = "{{ consul_address }}"
+ auth = "{{ consul_auth }}"
+ auto_advertise = {{ consul_auto_advertise | bool | lower }}
+ ca_file = "{{ consul_ca_file }}"
+ cert_file = "{{ consul_cert_file }}"
+ checks_use_advertise = {{ consul_checks_use_advertise | bool | lower }}
+ client_auto_join = {{ consul_client_auto_join | bool | lower }}
+ client_service_name = "{{ consul_client_service_name }}"
+ key_file = "{{ consul_key_file }}"
+ server_service_name = "{{ consul_server_service_name }}"
+ server_auto_join = {{ consul_server_auto_join | bool | lower }}
+ ssl = {{ consul_ssl | bool | lower }}
+ verify_ssl = {{ consul_verify_ssl | bool | lower }}
+
+{% if consul_ACL_token_set == True %}
+ token = "{{ consul_token }}"
+{% endif %}
+
+}
\ No newline at end of file
--- /dev/null
+[Unit]
+Description=Consul Service
+Documentation=https://www.nomadproject.io/docs/
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+# TODO: Decrease privilege
+ExecReload=/bin/kill -SIGHUP $MAINPID
+ExecStart={{ consul_bin_dir }}/consul agent -config-dir {{ consul_config_dir }}
+KillSignal=SIGTERM
+LimitNOFILE=infinity
+LimitNPROC=infinity
+Restart=on-failure
+RestartSec=1
+User=root
+Group=root
+Environment="GOMAXPROCS=2"
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+ports {
+ dns = {{ consul_port_dns }}
+ http = {{ consul_port_http }}
+ https = {{ consul_port_https }}
+ grpc = {{ consul_port_grpc }}
+ serf_lan = {{ consul_port_serf_lan }}
+ serf_wan = {{ consul_port_serf_wan }}
+ server = {{ consul_port_server }}
+}
\ No newline at end of file
--- /dev/null
+{
+ "services": [
+{% for item in consul_services %}
+ {
+ "name": "{{ item.name }}",
+ "port": {{ item.port }}
+ }
+{%- if not loop.last %},
+{% endif %}
+{% endfor %}
+
+ ]
+}
\ No newline at end of file
--- /dev/null
+---
+# file: roles/consul/vars/main.yaml
+
+consul_node_client: "{{ (consul_node_role == 'client') or (consul_node_role == 'both') }}"
+consul_node_server: "{{ (consul_node_role == 'server') or (consul_node_role == 'both') }}"
nomad_no_host_uuid: true
nomad_options: {}
nomad_servers: []
+nomad_volumes: []
# Conf - server.hcl
nomad_bootstrap_expect: 2
}
{% endif %}
+ {% if nomad_volumes -%}
+ {% for volume in nomad_volumes -%}
+ host_volume "{{ volume.name }}" {
+ path = "{{ volume.path }}"
+ read_only = {{ volume.read_only | bool | lower }}
+ }
+ {% endfor -%}
+ {% endif %}
+
}
[Service]
# TODO: Decrease privilege
-ExecReload=/bin/kill -SIGKILL $MAINPID
+ExecReload=/bin/kill -SIGHUP $MAINPID
ExecStart={{ nomad_bin_dir }}/nomad agent -config={{ nomad_config_dir }}
KillSignal=SIGTERM
LimitNOFILE=infinity
become: yes
become_user: root
roles:
+ - role: user_add
+ tags: user_add
- role: baremetal
tags: baremetal
- role: common
tags: common
- role: docker
tags: docker
+ - role: nomad
+ tags: nomad
+ - role: consul
+ tags: consul
- role: vpp_device
tags: vpp_device
- role: kernel_vm
tags: kernel_vm
- role: csit_sut_image
tags: csit_sut_image
- - role: nomad
- tags: nomad
- role: cleanup
tags: cleanup
Code Review / csit.git / commitdiff